EDIT: Adding new translations as they come in (thanks, folks!). If you're considering translating these brochures, please contact us first at tor-assistants@lists.torproject.org to make sure nobody else is already working on the same translation.

There are three different versions of the brochure, all with the same front and different backs:

Law Enforcement & The Tor Project: Geared as a quick reference for law enforcement audiences (not just investigators, but also support services).

The Benefits of Anonymity Online: This is meant for journalists, domestic violence organizations, and others focused on protecting their identity online.

Freedom & Privacy Online: The target audience here is the general public - helping educate people about the reasons that protecting their privacy is important.

Feel free to use these brochures to spread the word about Tor. And just in case you're new to Tor and wondering whether you're permitted to use these brochures: yes, absolutely! We really want people to talk about Tor. Even if you don't have good answers for all the questions people might come up with, these brochures might serve you as a guidance.

Need a stack of these for an event? Contact us, tell us about the event and how many brochures and which of the three versions you need, and we'll mail them to you. Note that we might ask you to write a trip report and give us some feedback on the brochures in exchange.

Also, we will be offering updated versions of these brochures on an ongoing basis.

I have to say, I'm not quite sure how I feel about the very first line on the Law Enforcement brochure being "Abuse is the Exception". If a LEO has no idea what Tor is, reading that will immediately put the idea in their mind that "Oh, so Tor is a thing that's abused, even some time?" You may want to consider revising that.

It's sort of like what we furries have learned about the media. If you start out an interview by saying "Oh, no more than %5 of us are sexual deviants", it'll immediately put the idea in everyone's mind that furries are sexual deviants. It's best to just avoid the topic all together.

Basically, you're right. BUT: What about knife producers? Knifes are abused on a daily basis, but how could this really discredit the good use of knifes for medical operations or cooking? Rather than concealing the fact that there is marginal abuse, you should find good analogies to convey just proportions of the problems every technology faces.

I think the main point of the other anonymous commenter was that it's critical to pick the right words there, not to leave out this part entirely. Well, unless I got that wrong. What I can say is that we had to touch on the topic of abuse, because, sadly, that's how some law enforcement officers first learn about Tor. That's different from knifes or most technologies that can be abused. But this is our chance to tell law enforcement that what they're handling, the case where some jerk abused Tor, is the exception, not the rule. Earlier versions of this brochure didn't mention abuse at all, but we decided that they were lacking practical relevance for law enforcement people.

Fine question. Might be easiest if you download the ODG file, translate the text, ignoring that it will mess up the layout, and send the translated file to tor-assistants@lists.torproject.org. I'll handle it from there. And we'll see if we can improve that process for the next language. Thanks!

It's "half letter size", because the original version was designed by people who are used to US paper formats. (I don't have letter paper at hand, either.) But it should still look okay when printed out on A4 paper.

OH, WOW! This is really amazing and unbelievable! I've been waiting for something like this for years, literally! I had a similar idea and told Roger about it, but he didn't answer. Obviously, someone had the same idea like me.

This is the best news I've encountered in recent days. I'm somehow speechless. I hope you have at least a slightly guess how significantly you are making the world a better place.

Well, not exactly, though Kate Krauss provided some very valuable feedback on the final draft of these brochures. But it's really based on work from Leiah Jansen, Kelley Misata, and Karen Reilly performed two years ago, plus recent efforts to update and rewrite content with contributions from Lunar, Harmony, Noel David Torres Taño, Andrew Lewman, Roger Dingledine, Julius Mittenzwei, Paul Syverson, Kate Krauss, and myself. Few things at Tor are the result of a single person.

"The firm has mostly served as a stepping stone to the recent hiring of the Tor Project’s own media professional, Kate Krauss, and the creation of a public-relations operation unprecedented for the organization."

"The Tor Project builds and distributes free tools that allow
journalists, human rights activists, diplomats, business people,
and everyone else to use the Internet without being watched
online by governments or companies."

is clunky, should read more like

"The Tor Project builds and distributes free tools that have allowed
journalists, activists, citizens, politicians, businessmen, military and police to use the Internet anonymously.

Points:

No point in discriminating against what type of activists as if one is more credible than the other.

Use of PC term "business people" is unncessary, businessmen refers to all people "men as in mankind" not just a particular gender.

The phrase "ordinary people" looks down on others, "Everyone else" you swept into the bin, like a big "and the rest of your kind", we are citizens not "everyone else".

Diplomats is a strange political focus to bring up, better to say generally politicians.

The qualitative "without being watched online by governments or companies" only brings in a small subsection of Tors uses. Generally Tor is an anonymizing tool, and if anything it will bring more scuritiny by governments than if you hadnt used it at all.

Lastly, what it does is not so much as sigificant to people as what is has done. Say that Tor has a reputation of this and not just a claim that it will.

This is very helpful feedback! We're currently collecting suggestions for an updated version to be released later in April in order to make the translation task less painful. We'll consider your suggestion for that version. Thanks!

This is awesome! But we'll also need the translated text in a text file, so that we can put it under version control and ask you or somebody else to update it whenever the English text changes. Can you contact us at tor-assistants@lists.torproject.org to talk this over? Thanks!

The Tor protocol explanation uses the usual "Alice" and "Bob", but then talks about "web page requests". It might be an idea to make it more explicitly clear that Alice is trying to browse Bob's website.

Indeed, that might clear up things a bit. As I wrote above, we're currently collecting suggestions for an updated version to be released later in April (or May?) in order to make the translation task less painful. We'll consider your suggestion for that version. Thanks!

Companies like Google and Apple have got it in the neck for securing their users' privacy, and their unwillingness to drop this stance has frustrated needy detectives.

"We are disappointed by the position taken by these tech firms and it only adds to our problems in getting to the communications of the most dangerous people that are abusing the internet," said Europol director Rob Wainwright this week.

"[Tech firms] are doing it, I suppose, because of a commercial imperative driven by what they perceive to be consumer demand for greater privacy of their communications."

Swines.

The differences between how the "mainstream media" and "tech media" report US/UK demands to outlaw crypto/Tor are very striking.

why isn't Comey screaming about the manufacturers of paper shredders, which similarly allow their customers to hide papers from "lawful surveillance?"

this demonizing of encryption as if it's only a tool of pedophiles and criminals is just ridiculous. Regular everyday people use encryption every single day. You're using it if you visit this very website. And it's increasingly becoming the standard, because that's just good security.

I like to use another analogy: imagine young J. Edgar Hoover back in 1920 screaming to the press that this new-fangled thing the automobile must be outlawed because it is hideously dangerous "bank-robbery-enabling technology", and imagine an angry Henry Ford pushing back. Not unlike FBI vs modern-day tech giants, perhaps?

Arguing "if FBI get's its way yet again, this will cost jobs" (by preventing economic growth resulting from strong civilian encryption) is one of the few arguments which actually makes politicians prick up their ears. A complementary argument: growing an electronic privacy industry will create jobs (most effective when presented by Google employees eager to strike out on their own); "if we don't, the Germans will". (Germans should of course argue that their own government should seize the opportunity to replace the US as the world's provider of data services.)

Another argument which reliably draws the interest of US politicians: explain how the unencrypted health records of 7 million US military persons* and their families were stolen in the third largest breach of HIPAA protected PHI yet reported to HHS, how foreign intelligence agencies can use such troves of stolen EHRs, and how strong encryption would have impeded them. Trawl through healthitnews.com for many stories about EHR insecurities and massive data breaches, and note how many would have been easily prevented if only strong encryption were mandated by law.

*Including the NSA/TAO ROC-ers at Lackland AFB, ouch, the irony, it burns most atrociously, Sir!

The reason why arguments which make more sense to privacy advocates (such as appealing to international norms exemplified by the universal human right to privacy as expounded by the UN) appear to fall on deaf ears is not so much that lawmakers truly don't care about human rights, but that they need to hear an argument which they feel they can actually use in the current political environment in FVEY legislatures.

Another point worth making: data services corporations, health insurers, the rapidly growing industry (see Root9B, Rook Security, Cyveillance) which sells cyberwar services to banks and other international corporations, and the surveillance-industrial-complex are all competing for a very small number of black-hat-hackers with the necessary knowledge and skills. Eradicating NSA's SIGINT division would immediately provide thousands of people who can be retrained as health-data-protectors in a government-sponsored crash program (first stop: political re-education camps instructing former ROC-ers about the US Constitution and the revolutionary origins of the USA). Also, freeing up ROC-ers for data protection work would reduce the pressure on FBI and other agencies to hire so many people convicted of criminal cyber-bank-theft schemes; the dangers of this practice should be self-evident to lawmakers.

I concur with others here who feel that US persons who value Tor should at least attempt the Constitutionally approved method of lobbying their Congressional representatives, even though none of us is so naive as to expect this to prevent CISA from being enacted into US law. By do doing you are in effect following the example of Edward Snowden, who attempted to "work within the system" to bring a modicum of sanity into the USIC, before he became a whistleblower.

It is important to recognize that the current attempts to

* outlaw Tor (especially hidden services)
* grant FBI the "authority" to hack at will into Tor nodes, HS servers, and perhaps even into any computer running TBB
* mandate backdoors in all operating systems and cryptosystems

include at least several closely related items which are currently being very intensively pushed by a concerted USG sponsored media onslaught:

It is also important to know that the "9/11 Committee" continues to issue influential advisory white papers, in particular calling for the FBI to convert itself from a law enforcement agency into a domestic intelligence agency. And top FBI officials have been bragging about how effectively they have implemented this recommendation

“I saw that [ACLU] said we were a domestic intelligence agency and my response was, ‘Okay, good,’ ” said Comey, who was relaxed and had shed his jacket in a roundtable gathering with 18 reporters. “I think that’s one of my responsibilities, to continue [former FBI director] Bob Mueller’s work to transform the bureau into an intelligence agency.”

It is amazing that the US Congress has raised so little objection (apart from a dramatic speech by NSA stalwart Diane Feinstein) to the more or less openly acknowledged fact that USIC spies intensively on the Congress and on everyone who communicates with Congress. One reason why that is so troubling is that it implies that "privacy advocates" tend to be "frozen out" of the political process, because they are acutely aware that expressing to their representative any views contrary to the interests of the surveillance-industrial complex is likely to get them placed on watchlists of persons who are assessed to pose a "potential national security risk".

But if you are a Tor user, you are already on watchlists. In particular, NSA enumerates the IPs of all devices communicating with a Tor directory authority, and they tie real-life identities to all IPs. And GCHQ monitors visitors to torproject.org as a favor for NSA. Further, dozens of documents emanating from NCTC and allied USG agencies suggest watchlisting anyone who expresses a wide variety of views, including:

* what some analyst considers to be "excessive concern for civil liberties"
* anyone who expresses a personal grudge or complains about discrimination
* anyone who has been a victim of or witnessed a violent crime
* anyone who expresses anti-nuclear views
* anything some analyst considers to be a "conspiracy theory"
* anyone who has recently purchased a weapon (does a Black phone count?)'

How do such zany criteria come to be enshrined as USG policy in soberly written official documents? Simple: when you hire thousands of people tasked with sitting around all day thinking up horrid scenarios for how "US interests" could be harmed by, among others, "domestic extremists", you should expect more and more... imaginative... whitepapers to result. When you hire tens of thousands of people tasked with sitting around all day reviewing the private lives of individual citizens, looking for "evidence" of "terrorist proclivities", you should expect more and more imaginative interpretations of entirely innocuous daily activities. For example: various NCTC/DHS/Fusion Center bulletins have warned about allegedly suspicious and "potentially dangerous" persons who... wear backpacks... ride bikes... carry binoculars... pay with cash in bookstores... take photographs.

And it doesn't help that so many Fusion Center analysts gained their basic training in military intelligence units in Afghanistan or Iraq, or in at least one case, while conducting interrogations of "high-level detainees" at GTMO. (Who knew, until Wikileaks published an example, that there is such a thing as a diploma certifying the recipient's expertise in "enhanced interrogation"? And shouldn't every US citizen be alarmed that Fusion Centers show such an interest in hiring people who possess this kind of military credential?)

So if you are reading this blog, maybe even if you simply live in the USA, you are most likely already on plenty of watchlists.

Ironically, many current congressional staffers previously worked as activists and were placed on secret USIC watchlists, and once you are on one of these lists, you can never get off. Same thing happens in the UK:

Users and developers: what is our plan? If we don't have one, we better make one ASAP.

I urge Tor Project to:

* establish legal support in advance (I assume this has been done) of reception of NSLs and other demands from USG, China, Russia, India, Pakistan or other governments,

* establish in advance plans for relocating key TP people/assets in the event that US/UK/FR declares Tor illegal (but where to relocate?),

* following the example of the Tails Project, use Shamir's secret sharing scheme to counter possibility of one or more developers being rendered and rubber-hosed,

* if the Project deems these proposals unduly alarmist (and I certainly hope they are), please solicit posts from recognized legal scholars explaining why such recent developments as the Executive Order of 1 Apr 2015, which bearing in mind the stunningly "imaginative" misuse of language by NSA revealed by Snowden, appears to imply (lawyers, if I am wrong please tell us why!) that the assets of Tor node operators anywhere in the world can be frozen without notice or appeal.

The cited EO doesn't seem to have a number yet, but there is a press release at whitehouse.gov. The title is of the order is:

Mainstream US press coverage (aka USG propaganda) suggests the order is nominally aimed at the semi-mythical Iranian/Chinese state-sponsored cyberhacker and/or the semi-mythical Romanian banking cyberheist gang, but as seems to be the new normal, the language is extremely broad and it appears that the definitions offered could easily be twisted by self-described domestic intelligence/cyberwar agency FBI, bearing in mind the fact that all Tor users routinely build circuits using nodes hosted on (mostly commercial) servers located in many nations, operated by (mostly) private citizens residing in many nations.

The order declares a "national emergency" (heavens) and directs USG agencies to

(i) freeze/seize all assets of anyone who is or comes under control of US authorities (think CIA kidnapping, or servers located in Ireland but owned by Microsoft)

who USIC believes may be engaged in

(ii) anything tending to impinge on US national security, foreign policy, financial stability

Or as the self-described constitutional lawyer and leader of the free world (aka chief-assassin by probabilistically-targeted drone strikes) puts it:

(i) "All property and interests in property that are in the United States, that hereafter come within the United States, or that are or hereafter come within the possession or control of any United States person of the following persons are blocked and may not be transferred, paid, exported, withdrawn, or otherwise dealt in"

(ii) "any person determined by the Secretary of the Treasury, in consultation with the Attorney General and the Secretary of State, to be responsible for or complicit in, or to have engaged in, directly or indirectly, cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States that are reasonably likely to result in, or have materially contributed to, a significant threat to the national security, foreign policy, or economic health or financial stability of the United States and that have the purpose or effect of:
...
(C) causing a significant disruption to the availability of a computer or network of computers"

Could FBI interpret (C) to cover impeding USIC dragnet surveillance by using Tor? Could NSA's Xkeyscore activities be interpreted to constitute a "network of computers"? It seems clear (C) could cover DDOS, so teens tempted to try that on should consider the possibility that their parents house might be seized as happened recently to an American grandmother whose open-WiFi was abused by someone for DDOS. Could expressing criticism of e-trading be interpreted as attempting to cause financial instability in the US economy? Could The Intercept's reporting on GCHQ/CSE abuses be interpreted as harming US foreign policy?

For example, could my assets be seized if I use Tor to point out that in a recently leaked document, GCHQ itself confirms that it specifically targets absolutely every last human being living in Iran? That another just leaked NSA document specifically includes among the nations targeted by GCHQ the significant two letter country code "UK"? Britons, this means YOU!

It is wonderful to see the Tor Project becoming more politically sophisticated, and I feel this is necessary to oppose lobbying by our enemies.

I feel that many of the more ambitious suggestions on this page (and the related thread on HS) can be interpreted as urging the Tor Project to reach out to like-minded groups such as AccessNow, EFF, ACLU, Tails, Riseup, and relevant projects at Github. (All of these resources currently appear to be under active state-sponsored attack.) In that spirit, two more suggested initiatives which I feel would be very useful in the current environment which is rapidly becoming so hostile for activists all over the world:

* form a collective for forensic analysis of devices which have come into the physical control of "the authorities" (with the goal of reverse engineering and publishing our enemies's best malware, in order to make them think long and hard before attacking us; ideally analysis would include testing microcontrollers, BIOS, firmware)

* form an international collective for legal analysis of proposed and enacted laws, govt and corporate policies, US presidential executive orders, Russian presidential decrees, etc.

These are not things Tor Project can do alone. Privacy-minded persons/groups need to band together in some kind of mutual defense pack to preserve what is left on-line of the cherished principles of freedom of speech/information/religion/assembly.

Another kind of outreach by Tor Project which I think would be valuable, and which is somewhat analogous to "educating" LEAs around the world, would try to dissuade well-intentioned vigilante groups who have apparently operated undeclared families of Tor nodes for the purposes of identifying and retaliating against Tor users these vigilante suspect of belonging to targeted groups such as:

* extremists, especially Islamic extremists

* malware punters

* bot herders

* child pron sharers

* human traffickers

* "recreational" drug users

Many people, even many people here, might find at least one of these target groups so objectionable that abusing Tor to identify such persons might seem reasonable.

However, arguments against running Tor nodes for the sole purpose of attempted extraction/characterization of content from Tor network traffic might include pointing out other reasons why people really really need Tor for purposes at least as "good" (by our standards) as the ones named above are "bad" (by someone's standards). For example:

* grass-roots organizations in Mexico struggling against drug cartels and corrupt local government officials

* residents of countries with an official religion who wish to organize in order practice some other religion in secret

The problem is of course that when vigilantes perform MITM+DPI to attack some target group, they inevitably wind up attacking all these other people too.

It is worth pointing out that some vigilante groups appear to be state-sponsored. In the US, at least one well meaning group which appears to operate an undeclared Tor family for purposes of surveillance of a narrow target population appear to openly engage in public-private partnerships with state government social service agencies, which illustrates the scope of the problems we face from well-meaning persons who are messing with the Tor network.

Another argument would be to explain what Mossad did in Liliehammer, Norway, back when Golda Meir was PM.

> Another argument would be to explain what Mossad did in Liliehammer, Norway, back when Golda Meir was PM.

On 21 Jul 1973, a team of Mossad agents under the personal direction of the chief of Mossad, Michael Hariri, assassinated a waiter, Ahmed Bouchiki, in front of his wife (who was pregnant with their first child), in Lillehammer, Norway. The team had mistaken Bouchiki for Ali Hassan Salameh, a Black September operative credited by Mossad with masterminding the massacre at the 1972 Olympics in Munich. Several members of the kill team were arrested by Norwegian authorities before they could flee the country (Hariri himself barely escaped capture), tried, convicted, and quietly released some years, under intense pressure for the US State Department.

PM Golda Meir was furious with Hariri, who had personally assured her that "Mossad never screws up". But he knew that was a lie when he said; in fact, he personally traveled to Norway because the kill team consisted of greenhorns, so he felt they needed close supervision from an experienced assassin.

The point is that political assassination, even of the "worst of the worst", is a bad idea because no nation is immune from mistakes, just as no guided munitions is immune from "collateral damage".

Not to mention a fine point which appears depressing irrelevant when the sole superpower is functioning as the world's leading rogue state: murder is illegal everywhere, and political assassination contravenes international law.

The FBI, under intense pressure from the US political leadership, has remade itself into a domestic intelligence agency tasked with the dragnet surveillance of the People, especially people who protest "national security policy" such as targeted drone killings. If it continues to become more and more like CIA/NSA and less like an agency whose mission is to respect the law while enforcing the law, and as the US judicial system increasingly abandons the sacred principle that all persons are equal under the law, FBI will inevitably take an another mission: domestic assassination. But many, even in USIC, believe that is not such a novel mission for FBI.

You've seen the picture: men standing on the balcony, pointing at the assassin's window, and one guy kneeling, checking King for life signs. That man was James Harrison, the undercover FBI agent who had infiltrated King's inner circle. He wasn't trying to save King, he was making sure King was really dead, as the Director desired. See

> Darknet marketplaces using the anonymous online network Tor have been under siege this week from “the most serious attack TOR has ever seen,” according to one marketplace operator.

It's Tor, not TOR.

> “TOR developers are saying that they think the problem will be solved in a few more days,” a Middle Earth operator who goes by “MEMGandalf” said earlier this week on social media website Reddit. It’s not clear who is behind the attack and whether it is ongoing. But darknet marketplaces have received increasing scrutiny from government investigators in recent months. Just a few weeks ago, the Department of Homeland Security subpoenaed Reddit for information about the top posters on the subforum the Middle Earth operator used to announced the attack.

...

> FBI Director James Comey has called it the “going dark” problem, where criminals are able to operate in a zone of complete anonymity. But Tor is also the leading privacy tool used to help dissenters hide from authoritarian regimes, protect journalists from persecution and simply keep information safe from hackers. The U.S. government funds the vast majority of the software’s development costs. The contradiction has put the Obama administration in a tough position: trying to simultaneously defend the right to online anonymity while finding a way to digitally track suspected criminals.

The Hill is read by many Congressional staffers, so perhaps there is some hope after all for the Tor community that concerted lobbying from ordinary citizens just might put off CISA until wider heads can put in much needed amendments (or even better, kill this new surveillance monster law).

> The operator of an underground marketplace hosted within the Tor network has reported a flaw in Tor that he claims is being used for an ongoing denial of service attack on the site. The problem, which is similar to one reported by another hidden site operator in December on the Tor mailing list, allows attackers to conduct a denial of service attack against hidden sites by creating a large number of simultaneous connections, or "circuits," via Tor, overwhelming the hidden service's ability to respond.

Tor users, if possible please report anomalies while browsing the non-dark net too. In recent days, there have been reports from Tails users of disconnections from the LAN, followed by immediate reconnections. This could be a bug in Tails, but some speculation NSA/GCHQ may be attempting to bypass one of Tor's great strengths, perfect forward security. From the canonical source for practical attacks on SSL/TLS:

> the session resumption mechanism can be finicky: session keys must either be stored locally, or encrypted and given out to users in the form of session tickets. Unfortunately, the use of session tickets somewhat diminishes the 'perfectness' of PFS systems, since the keys used for encrypting the tickets now represent a major weakness in the system. Moreover, you can't even keep them internal to one server, since they have to be shared among all of a site's front-end servers! In short, they seem like kind of a nightmare.

For legislative staffers whom, we hope, might read this blog (using Tails of course, we hope): if you missed the Guardian story on how NSA operatives made sure NIST standards used a flawed pseudorandom number generator, here are some handy links:

> It seems clear (C) could cover DDOS, so teens tempted to try that on should consider the possibility that their parents house might be seized as happened recently to an American grandmother whose open-WiFi was abused by someone for DDOS.

It is an easy guess that Tor will be blamed for the forthcoming OpIsrael, if it happens as threatened:

> The campaign — dubbed #OpIsrael on Twitter — is intended to “erase” Israel from cyberspace, according to its organizers. Anonymous and its affiliates have a history of targeting Jewish institutions over Israel’s activities in the Palestinian conflict.

I don't wish to offend Anonymous, but I feel it neccessary to point out that opposing state-sponsored political assassinations (a favorite "tool" of two notorious rogue nations, USA and Israel) does not imply support for OpIsrael! Here are some reasons why OpIsrael is IMHO a bad idea:

* dissident acts which appear "too easy to be a good idea" probably are (a sub-principle of the principle that offers which appear "too good to be true" probably are)

* Snowden said that if you aren't willing to risk a great deal for your moral principles, you probably don't believe very deeply in said principles, from which it follows, I think, that dissident acts which appear (emphasis on appear) risk-free probably don't mean very much

* opponents of the more lethal and illegal actions by USA and Israel have the moral high ground, until we descend to the kind of active cyberattacks which are used by our enemies (breaking into computers owned by someone else, denying others their little soapbox), and this is political terrain we should not give up without careful strategic thought,

* there are Israeli dissidents too, and they bitterly oppose political assassinations, mistreatments of Palestinians, the possibility of making war on Iran, etc., and if you cut off from the Internet the entire nation of Israel, you'll harm people who actually agree with the political aims of OpIsrael,

* if USIC thinks they've fingered you as participating in OpIsrael, regardless of where you live, the USG may well try to seize your computer, your bank account, your parent's house, etc.; just look what they did to Aaron Swartz, who was simply sharing some journal articles from a site which a few months later made them all freely available anyway.

o the monument marks one corner of a mass grave (constructed after the war) which holds the remains of some 11,000 Patriots who died on the prison hulks which were moored in Wallabout Bay during the Revolutionary War,

o the invasion of Brooklyn by the UK on 22 Aug 1776 was the largest amphibious invasion ever launched, a record held until the D-day landing in Normandy,

o the Battle for New York, which raged from late Aug through Sep 1776, involved more soldiers than any other battle of the war,

o Washington's main accomplishment was to narrowly avoid his entire army, with the help of impossibly good fortune, aka a miraculously obscuring fog just when the Patriots needed it most, followed by a (mostly) successful fighting retreat up Manhattan Island and then across the Hudson River,

o almost all American prisoners held by the British were sent to the prison hulks, where almost all soon died; the British simply tossed the dead into the bay; many of the bodies wound up being buried by the action of the tides in the shore of the Bay,

o British and American prisoners held by the Americans were comparatively well-treated, and most survived; many Hessian prisoners chose to remain in America after the war,

o during construction of the Brooklyn Navy Yard in 1803, the natural shoreline was altered, leading to the discovery of many bones of the unfortunate Patriot prisoners,

o the Federal government refused to deal with the situation, so the notoriously corrupt Tamany government arranged for the bones to be re-interred on a nearby Hill (the site of the present monument); the crypt was dedicated in 1808,

o the monument is located in Fort Greene Park, which is named for Washington's best general, Nathaniel Greene, who unfortunately for the Patriots sat out the Battle of New York because he had come down with a life-threatening case of the flu,

o the site is close to the site of Cobble Hill fort, from which Washington observed the British, who had outflanked the American defenders, slaughter the brave Maryland regiment, causing him to cry in anguish "O What brave lads I must lose this day!",

o the bust of Snowden weighs 100 pounds and is proportional in size to the height of the column,

o there is a new dedicatory plaque reading simply "Snowden",

o several other recent "art pranks" in NYC have resulted in determined police investigations, so this action was quite risky for the artists.

The analogies between

o King George III's terribly misguided government and current US government policies,

o the grievances of the 1776 patriots and the grievances of modern privacy and Occupy advocates.

o grass-roots tactics such as closing the Kings courts in 1775, the Boston Tea Party, and Vietnam war era "sit-ins" and modern acts of "vandalism" of valuable properties,

o the fearful atmosphere of menace endured by all participants in the dramatic events leading up to the Revolution, and the current hysteria about domestic dissidents,

are extensive and impressive. For details, see

Ray Raphael, A People's History of the American Revolution, New Press, 2001

Barnet Schecter, The Battle for New York, Pimlico, 2003

John Gallagher, The Battle of Brooklyn, Sarpedon, 1995

All three of these books, incidentally, are so provocative that I fear they are in serious danger of being banned by the USG, so if you can find a copy, make photocopies and pass them around.

> A laptop that was used to store leaked files from Edward Snowden and then destroyed under watch from U.K. intelligence officers is now on display at a prominent London museum. The smashed MacBook Air is on display at the Victoria and Albert Museum as part of an exhibition examining “the role of public institutions in contemporary life and what it means to be responsible for a national collection.”

The politicians who read The Hill will appreciate better than most, I think, the fact that in participatory democracy, visual symbolism matters. Smashing electronics belonging to a leading UK newspaper else does not make the UK government look at all healthy or sane.

> In addition to the unofficially dedicated Snowden monument in Brooklyn

It has already been destroyed by NYC officials.

Corrections from Parks and Wreck: early in the 19th century, as the Navy Yard was being built, the remains of c, 11,500 Patriot soldiers were buried in another location. Walt Whitman (editor of The Brooklyn Daily Eagle, also known to early twentieth century schoolchildren for subversive acts of poetry) campaigned to create the Prison Ships Martyrs Monument. The crypt under the "official" monument only holds a small selection of the bonees of the unfortunate prisoners. The current resting place of the other Patriots appears to be unknown.

It is well known that the American STEM professions (Stat-Sci-Tech/ Engineering/Math) were largely beholden to the Defense-Industrial complex even prior to 9/11. In particular, for decades NSA has been proud to bill itself as the largest single employer of PhD mathematicians in the world. The reason NSA needs so many math PhDs is that everything NSA does critically depends upon mathematics, often novel mathematics which can only be created by dedicated cadres of specialists in arcane areas of number theory, graph theory, probability theory, differential equations, and other fields.

Not so well known, perhaps, is the extent to which, after 9/11, the USIC moved onto American campuses. Many US universities have joined the University of Maryland, College Park* in hosting USIS agents in on campus USIC-funded academic programs, in addition to inviting NSA to embed "talent spotters", "advisors", and "consultants" in academic departments. Some go so far as to say that since 9/11, the American mathematical profession has effectively become an NSA captive.

*Edward Snowden's first worksite, as an employee of the Surveillance-Industrial Complex, was a large NSA-funded research facility on the campus of UM College Park.

However, after publication of the first Snowden leaks, many members of the AMS suffered a dramatic change of heart about working on the behalf of the Surveillance State. There are now at least two active mathematician-led anti-NSA campaigns, which seek to

o force AMS to break off all ties with NSA,

o induce faculty senates to vote USIC off American college campuses.

These movements are supported by EFF; why not Tor Project too?

The Notices of the AMS has been publishing an on-going "debate" on the demerits of working on behalf of NSA. Somewhat comically, the editors complained that they tried hard to find mathematicians who would speak up for NSA post-Snowden, but could only obtain comments from current or former employees, who are hardly impartial commentators.

> Many mathematicians earn NSA funding for their research, their students, and their universities through an annual grant competition administered by the American Mathematical Society.

He explained why NSA is so terrified by the prospect of being ostracized from the AMS:

> It would be shortsighted for the NSA to push away our top scientists by appearing negligent. Leadership at the NSA evidently realizes the vital importance of public and scientific support. A portion of their effort is dedicated to improving all levels of math education and supporting open, unclassified math research in the United States.

Forcey neglected to discuss an important aspect of the controversy: NSA sometimes classifies "open" research after the fact, and has not hesitated to retaliate against anyone who resists classification of research not funded by NSA (an attitude which has encouraged the growth of the mathematical underground, which represents another community which could use improved Hidden Services to advantage, for example for sharing underground technical reports or "liberated" NSA sponsored research).

> I am writing this Letter to the Editor to suggest the AMS sever all ties with the NSA (National Security Agency)... the NSA destroyed the security of the Internet and privacy of communications for the whole planet. But if any healing is possible, it would probably start with making the NSA and its ilk socially unacceptable just as, in the days of — my youth, working for the KGB was socially unacceptable for many in the Soviet Union.

(See the blog posts by Matthew Green for a detailed rebuttal of his claims.)

One mathematician who is not a full time employee of NSA but longstanding ties to that agency, struggled to find something positive about NSA. Andrew Odlyzko (University of Minnesota), a leading coding theorist, wrote:

> My carefully considered view is that our society has become preoccupied with terrorism to an absurd and harmful degree. That is what has driven the intelligence agencies to the extreme measures they have taken... much of this activity is worse than a crime; it’s stupid. Terrorism is a threat to our society, but it is simply not an existential threat that justifies extraordinary measures. We face a variety of threats—from car accidents, which take about as many lives each month as the 9/11 tragedy, to weather (ranging from sudden disasters, such as hurricanes Katrina and Sandy, to the dangers from climate change), to global avian flu pandemics. The moves taken in the name of fighting terrorism, including the intrusive NSA data collection that has recently come to light and more generally the militarization of our society, are not justified by the dangers we currently face from terrorism. In fact, these moves will likely inhibit our ability to deal with many of the other threats and probably will even inhibit the antiterrorism campaign.

> As an NSA employee, I was aware of the rules about signals intelligence. When public discussions about foreign intelligence take place, there are some facts about the SIGINT system that people need to know: NSA is a supplier of intelligence, not a consumer; NSA does not choose its targets; NSA activities and processes are driven by laws established by Congress and by directives from the President, the Secretary of Defense, and the Director of National Intelligence (DNI).

Another former NSA employee, whistle-blower William Binney, contradicted these claims:

> NSA removed the privacy protections for US citizens and decided to collect and store as much data as it could ingest. No one had privacy from the government anymore. I of course objected, as in my mind these actions were, at a minimum, a violation of the First, Fourth, and Fifth Amendments to our Constitution. The First Amendment was violated because the graphing of social networks (enhanced by other knowledge bases—for example, a reverse lookup of the phone book) would show the people you are associated with. The First Amendment says you have the right to peaceably assemble, and the Supreme Court has held (e.g., in NAACP v. Alabama) that the government does not have a right to know with whom you are assembling. The collection of your email, chatter, and phone calls (recorded or transcribed) is a violation of the Fourth Amendment right to be secure in your affairs. And using content data in order to search for criminal activity can be a violation of the Fifth Amendment, which gives the right not to be a witness against yourself. An example of this is the “parallel construction” techniques used by the FBI and the DEA’s Special Operations Division...

> Some mathematicians are urging boycotts and other political actions based on overwrought laments about the National Security Agency (NSA)... There is a long history of academics getting over-excited about relatively inconsequential issues.

Schlafly added:

> Google and Facebook are huge multi-billion dollar companies that make all their money by inducing you to use free services, spying on you while you do, and then selling ads based on your preferences. When your privacy is not being sold, it is being stolen. Nearly everything about you is being tracked, recorded, archived, indexed, sold, and used for commercial purposes. Most of this is unregulated. New technologies are likely to accelerate this trend.

> In 2011, the NSA explicitly stated its goal of universal surveillance, describing its “posture” as “collect it all”, “know it all”, “exploit it all”. The same year, the NSA’s close British partner GCHQ said it was intercepting over fifty billion communication events per day. In 2012, a single NSA program celebrated its trillionth metadata record.

> Schlafly is, at least, correct in noting that outrage at the intelligence agencies’ abuse of surveillance powers is nothing new: from the FBI’s bugging of Martin Luther King and subsequent attempt to blackmail him into suicide, to the 2011 extra-judicial killing of an American child by CIA drone strike (a program to which the NSA supplies surveillance data). He is justified in worrying about the data held by Google, Facebook, etc., but he writes as if concern over that and state surveillance were mutually exclusive, which of course they are not; and much of that data is harvested by the NSA’s PRISM program anyway.

> No doubt the practices of Google are a real danger, but commercial companies are subject to regulations and can be brought before open courts whose judges are appointed by an elected president and have to be approved by the Senate. The regulations governing the NSA are classified, and the NSA is answerable only to a closed court whose judges are appointed, without further review, by a man who himself was appointed by a president who believed that one can defeat terror by declaring a war on it. Maybe these distinctions seem trivial to Dr. Schlafly, but even he should be able to understand why somebody like Alexander Beilinson, who grew up in a country where all courts were secret, does not.

Perhaps the most remarkable contribution to date came from a leading writer of popular math books, Keith Devlin (Stanford University), who revealed that he had been working on dragnet programs for several years:

> Over the course of my work on NIMD, I saw systems demonstrated under nonclassified circumstances that, in a few seconds, could produce incredibly detailed and deeply personal profiles of individuals based on an Internet search that pulled in many isolated publicly available facts. So when I hear officials from President Obama down say, “It’s just metadata,” I smell a deliberate attempt to mislead the population they are supposed to serve. Metadata tells you practically everything you need to know! In fact, much of the focus of my NIMD work was on the degree to which contextual features of signals (information sources) play a role in the knowledge that can be acquired from that signal. I was asked to join Veridian’s project in NIMD precisely to look at that issue.

And what did Devlin learn during his years working for the Surveillance State? He learned that these programs cannot possibly work for their alleged counterterrorism purpose:

> based on everything I learned in those five years, blanket surveillance is highly unlikely to prevent a terrorist attack and is a dangerous misuse of resources that, if used in other ways, possibly could prevent attacks (such as the 2013 Boston Marathon bombing). Anyone with a reasonable sense of large numbers could surmise a similar conclusion. When the goal is to identify a very small number of key signals in a large ocean of noise, indiscriminately increasing the size of the ocean is self-evidently not the way to go...

> And the bigger you make the dataset, the wider the information trawl, the more unlikely that it will lead to an effective countermeasure. Thus, not only did NIMD fail to meet its goal, but as the data collection grew (we did not know about the pending degree of growth at the time, of course, nor its scope), the more inaccessible that goal became. It is reasonable to assume that the number of genuine potential terrorists is small and not growing (at least not dramatically). Consequently, the bigger the data trawl, the harder it is to spot the bad guys, no matter how much computing power you bring to the problem.

Devlin expresses a post-Snowden emotional catharsis familiar to many who have "sold their soul" to the Surveillance state:

> The only reason I am putting these words down now is the feeling of intense betrayal I suffered when I learned how my government and the leadership of my intelligence community took the work I and many others did over many years, with a genuine desire to prevent another 9/11 attack, and subverted it in ways that run totally counter to the founding principles of the United States, that cause huge harm to the US economy, and that moreover almost certainly weaken our ability to defend ourselves...

> Personally, I would not trade freedom in order to prevent terrorist attacks, even if they were more frequent than the current de facto frequency of every ten years or so. If you do that, the terrorists have won. To give up those freedoms to run an Orwellian surveillance program that, based on the intelligence community’s own research, is known to not only not work but to divert resources that if properly targeted (i.e., narrow and deep) could work, is completely wrong.

> As things currently stand, I would not collaborate further with any of the US intelligence services. They have betrayed all of us who were glad to do what we could for the benefit of the free world and have used our work to trample over the Fourth Amendment, to do immense harm to US economic competitiveness, to weaken the Internet on which modern society depends, and to expose us to increased danger from our enemies (the latter two are “own-goals” that result from deliberately weakening the mathematical cryptosystems used in the Internet). I urge all my fellow mathematicians to take a similar stand.

Further essays by leading mathematicians decrying NSA's War on US have appeared in other venues, including:

I urge Tor Project to try to help EFF, ACLU, allies in AMS, and other concerned citizens place other stories in the mainstream media explaining the growing anti-NSA movement among USA STEM professionals.

To repeat an argument which has appeared in several blog comments in this space: the Surveillance state must be opposed by means technical, political, psychological and sociological. In particular, a concerted effort by the leadership of the US STEM professions could starve NSA of the talent pool it needs to continue its abuses of freedom.

Hi! There's a new alpha release available for download. If you build Tor from source, you can download the source code for 0.3.3.2-alpha from the usual place on the website. Packages should be available over the coming weeks, with a new alpha Tor Browser release some time in February.

Remember, this is an alpha release: you should only run this if you'd like to find and report more bugs than usual.

Tor 0.3.3.2-alpha is the second alpha in the 0.3.3.x series. It introduces a mechanism to handle the high loads that many relay operators have been reporting recently. It also fixes several bugs in older releases. If this new code proves reliable, we plan to backport it to older supported release series.

Changes in version 0.3.3.2-alpha - 2018-02-10

Major features (denial-of-service mitigation):

Give relays some defenses against the recent network overload. We start with three defenses (default parameters in parentheses). First: if a single client address makes too many concurrent connections (>100), hang up on further connections. Second: if a single client address makes circuits too quickly (more than 3 per second, with an allowed burst of 90) while also having too many connections open (3), refuse new create cells for the next while (1-2 hours). Third: if a client asks to establish a rendezvous point to you directly, ignore the request. These defenses can be manually controlled by new torrc options, but relays will also take guidance from consensus parameters, so there's no need to configure anything manually. Implements ticket 24902.

Major bugfixes (netflow padding):

Stop adding unneeded channel padding right after we finish flushing to a connection that has been trying to flush for many seconds. Instead, treat all partial or complete flushes as activity on the channel, which will defer the time until we need to add padding. This fix should resolve confusing and scary log messages like "Channel padding timeout scheduled 221453ms in the past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.